According to the authorization code flow documentation, in order to use a refresh token to receive a new access token we need to POST a request to https://accounts.spotify.com/api/token with the following fields in the x-www-form-urlencoded body:
And send an HTTP basic authorization header with the base64 "client_id:client_secret" value. That all translate into something like:
curl https://accounts.spotify.com/api/token \ -d 'grant_type=refresh_token' \ -d 'refresh_token=...' \ -H "Authorization: Basic $(echo -n "$client_id:$client_secret"|base64 -w0)"
..but this doesn't appear to work. Following the suggestion of some random person on github, I am able to successfully request a new access token if I get rid of the authorization header and include in the request body:
curl https://accounts.spotify.com/api/token \ -d 'grant_type=refresh_token' \ -d 'refresh_token=...' \ -d "client_id=$client_id" \ -d "client_secret=$client_secret"
Is the documentation incorrect? Am I just lucky that the second form of the request works, even though it's not documented? Thanks!
Hey there you,
Yeah, you! 😁
Welcome - we're glad you joined the Spotify Community!
While you here, let's have a fun game…